Vulnerability Database

324,292

Total vulnerabilities in the database

CVE-2025-66274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later

Published: Feb 11, 2026
Updated: Feb 13, 2026
CVE: CVE-2025-66274
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
qnap / quts_hero	h5.3.0.3115-build_20250430	h5.3.0.3115-build_20250430.x
qnap / quts_hero	h5.3.0.3145-build_20250530	h5.3.0.3145-build_20250530.x
qnap / quts_hero	h5.3.0.3192-build_20250716	h5.3.0.3192-build_20250716.x
qnap / quts_hero	h5.3.1.3250-build_20250912	h5.3.1.3250-build_20250912.x
qnap / quts_hero	h5.3.1.3292-build_20251024	h5.3.1.3292-build_20251024.x

https://www.qnap.com/en/security-advisory/qsa-26-08

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo